Fix leak of message snapshot buffer when attempting to send an illegal object.

runtime/vm/isolate.cc

 // Copyright (c) 2013, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 #include "vm/isolate.h"
 
 #include "include/dart_api.h"
 #include "include/dart_native_api.h"
 #include "platform/assert.h"
 #include "platform/text_buffer.h"
@@ skipping 82 matching lines @@
 
   void VisitIsolate(Isolate* isolate) { ASSERT(isolate->origin_id() != id_); }
 
  private:
   Dart_Port id_;
   DISALLOW_COPY_AND_ASSIGN(VerifyOriginId);
 };
 #endif
 
 
-static uint8_t* allocator(uint8_t* ptr, intptr_t old_size, intptr_t new_size) {
+static uint8_t* malloc_allocator(uint8_t* ptr,
+                                 intptr_t old_size,
+                                 intptr_t new_size) {
   void* new_ptr = realloc(reinterpret_cast<void*>(ptr), new_size);
   return reinterpret_cast<uint8_t*>(new_ptr);
 }
 
+static void malloc_deallocator(uint8_t* ptr) {
+  free(reinterpret_cast<void*>(ptr));
+}
+
 
 static void SerializeObject(const Instance& obj,
                             uint8_t** obj_data,
                             intptr_t* obj_len,
                             bool allow_any_object) {
-  MessageWriter writer(obj_data, &allocator, allow_any_object);
+  MessageWriter writer(obj_data, &malloc_allocator, &malloc_deallocator,
+                       allow_any_object);
   writer.WriteMessage(obj);
   *obj_len = writer.BytesWritten();
 }
 
 // TODO(zra): Allocation of Message objects should be centralized.
 static Message* SerializeMessage(Dart_Port dest_port, const Instance& obj) {
   if (ApiObjectConverter::CanConvert(obj.raw())) {
     return new Message(dest_port, obj.raw(), Message::kNormalPriority);
   } else {
     uint8_t* obj_data;
@@ skipping 62 matching lines @@
   Object& element = Object::Handle();
 
   element = Smi::New(Message::kIsolateLibOOBMsg);
   msg.SetAt(0, element);
   element = Smi::New(msg_id);
   msg.SetAt(1, element);
   element = Capability::New(capability);
   msg.SetAt(2, element);
 
   uint8_t* data = NULL;
-  MessageWriter writer(&data, &allocator, false);
+  MessageWriter writer(&data, &malloc_allocator, &malloc_deallocator, false);
   writer.WriteMessage(msg);
 
   PortMap::PostMessage(new Message(main_port(), data, writer.BytesWritten(),
                                    Message::kOOBPriority));
 }
 
 
 class IsolateMessageHandler : public MessageHandler {
  public:
   explicit IsolateMessageHandler(Isolate* isolate);
@@ skipping 2342 matching lines @@
   cap.value.as_capability.id = terminate_capability();
   list_values[2] = &cap;
 
   Dart_CObject imm;
   imm.type = Dart_CObject_kInt32;
   imm.value.as_int32 = Isolate::kImmediateAction;
   list_values[3] = &imm;
 
   {
     uint8_t* buffer = NULL;
-    ApiMessageWriter writer(&buffer, allocator);
+    ApiMessageWriter writer(&buffer, &malloc_allocator);
     bool success = writer.WriteCMessage(&kill_msg);
     ASSERT(success);
 
     // Post the message at the given port.
     success = PortMap::PostMessage(new Message(
         main_port(), buffer, writer.BytesWritten(), Message::kOOBPriority));
     ASSERT(success);
   }
 }
 
@@ skipping 397 matching lines @@
 void IsolateSpawnState::DecrementSpawnCount() {
   ASSERT(spawn_count_monitor_ != NULL);
   ASSERT(spawn_count_ != NULL);
   MonitorLocker ml(spawn_count_monitor_);
   ASSERT(*spawn_count_ > 0);
   *spawn_count_ = *spawn_count_ - 1;
   ml.Notify();
 }
 
 }  // namespace dart